> > an encrypted version of it for confidentiality). Right?
> >
> > You seem to think this is justified for a `very good security reasons`.
> > Right?
> >
> > Question: what are these security reasons?
>
> Well the security reason is that if the signature doesn't include enough
> randomness then the signature can be guessed. Which leads to potential
> compromises.
First I think this is a XML-DSIG problem. Secondly,
DSA and ECDSA all require to have a random seed "r"
for each signature. And the security issues are discussed
in the DSA or ECDSA standard. It is not a problem for
XML-Encryption. Also generally the signatures are on
plaintext. So this is really no reason to exclude
the case that one can sign on a plaintext. Most
contract are signed on plaintext (of course, need to
hash it first).
Yongge
-----------------------------------
Yongge Wang -- Crypto Mathematician
http://cs.uwm.edu/~wang/
-----------------------------------